Saturday, September 24, 2016

This is the third article in a series of typical customers questions around Office 365. These questions were part of presentation I did with two other resellers at the Australian Microsoft Partner Conference in 2016. You’ll find the first part of the series here:

My team has to manage a lot of documents for a lot of clients and we have trouble working effectively with this information when you also combine it with data from email and other sources. How can Office 365 be used to allow my business to be more effective with the information we are producing?

There are so many ways that this question can be answered with Office 365. Consider the following as simply an overview of what is possible.

The most important thing to appreciate about Office 365 is that all the information you put in there is searchable. The results from any search are ‘security trimmed’. That means you only see results that you have access to view.

For most users Delve provides a single pane of glass across nearly all of your Office 365 services.

They will get around 1TB of space into which they can store and share their personal files. This means they can move information stored on their local desktop, PC, USB drives, etc into a secure location that only they have access to and that they can share from with others, inside and outside the organisation if they want. It is important to note that OneDrive for Business is not designed as a file server replacement, it is designed for personal use. SharePoint Team Sites and Office 365 Groups are more the locations for information that needs to be shared with a teams of people.

There are many other products that do personal file sharing but here’s an overview of why OneDrive for Business is a superior technology.

Now I mentioned Office 365 Groups as another location in which you can save your information. Office 365 Groups is great if you simply need an email distribution and single place to store common files. For a better idea of what Office 365 Groups are all about have a look at:

Remember, that everything you put into a SharePoint Team Site is searchable, including the text inside documents. Team Sites allow you to create a hierarchical structure much like a file server but add in collaboration features like calendars, wikis, lists, etc.

You can get more functionality by using ‘metadata’ to tag your information to make it easier for your users to filter and sort.

The great thing is that you can customise your metadata to exactly suit your needs.

Another service available to Enterprise Office 365 Plans is a private video portal called Office 365 Video. In here you can place and share videos with your team. This is a great place for training resources as well as recordings from Skype for Business.

You can also embed these videos directly into your SharePoint Team Site quickly and easily.

Another member of the Microsoft Cloud family is CRM. This allows you to manage contacts, sales, etc. but will soon also allow you to manage your financials thanks to the recently announced Dynamics 365.

The big advantage these additional Microsoft Cloud products provide is the fact that access is governed by the same login users have for Office 365. This provides greater integration and management that few other services can match.

Another location that your team can collaborate together is in Yammer. Yammer provides an enterprise social network to share information publically which has so many benefits to the business. I’ve outlined many of these here:

Don’t forget also that many Office 365 suites provide your users with the latest Office desktop software on their PC’s, Macs and mobile devices. They get at least 5 installation on each platform to ensure that everyone has the same version of the software. As an Office 365 subscriber you receive continuing free upgrades to this software automatically so you don’t need to worry whether everyone has the ‘latest’. They will.

Finally, Office 365 is also going to provide you the ability to automate your business process and information via a number of different tools such as:

In summary, Office 365 gives a lot of ways to manage and work more effectively with your information. It also provides you with the opportunity to improve the way you work today, become more effective and save time. It really is a single platform dedicated to better information management, accessed via a single login that is always constantly evolving and improving. In short, Office 365 is more than email and file storage, it is a full suite of productivity services to help your business better manage your information.

Watch out for the answers to more common questions with Office 365 coming soon.

Wednesday, September 21, 2016

Now because I’m not really an on-prem kinda guy any more, and also because I don’t have the physical equipment to do this, I never spent much time with Azure Site Recovery (ASR), which uses Hyper V replica technology. However, thanks to creating this course and including an ASR module I gotta say this Hyper V replica stuff is really cool!

The great thing with Hyper V replica is that you can do it directly between machine or via a cloud service such as Azure. Once you get the two locations replicated and synced you can do all sorts of fail overs. That allows you to easily spin up replacement machines in the backup location (such as Azure) as well as recover from these locations.

What really blew me away was how easy this was all to set up with Azure. Much, much easier than I thought. There is a three step wizard you follow through to get everything connected up. Then from there you have lots of disaster recovery (DR) and even migration options.

Thus, you can fail over a local Hyper V guest to Azure and then use that as a migration process to get that machine into the cloud. That is a really nifty way of moving whole VMs to Azure!

Now of course there is some leg work and understanding you need around Azure Site Recovery and Hyper V Replicas, but like I said, it is surprising at how easy it is to actually implement. I’d therefore suggest that if you are looking to provide DR services for businesses with local Hyper V guests or looking to migrate existing Hyper V guests to Azure VMs then you should take a look at Azure Site Recovery.

Of course, I’d also recommend you sign up for my Azure Backup online course to give you a quick start on all the backup options with, including Site Recovery. I’ve also got an option where you can sign up for the complete catalogue of my courses annually. One fixed price for access to every online course I create now and into the future. To find out more visit:

It provides you an overview of what Rights Management is, what features are available with Office 365 E3 or better suites as well as what the Azure Rights Management provides on top of the standard set of features.

Marc spends some time with Steve Luper, ‎Worldwide Technical Director, Azure Managed Partners at Microsoft talking Azure. Marc and I of course also give you our regular update on all the cloud news and events from Azure, Office 365 and more. don;t forget you can also provide us you feedback at feedback@needtoknow.cloud.

For September the focus will be on the business of benefits of Yammer. I’ll explain how Yammer works and show you how to get started using Yammer in a business as well as some tips and tricks to make it effective in your organisation no matter how big or small. You’ll also get some insight on how to administer Yammer if that is your role.

Attendees will see hands on demonstrations of Yammer and Office 365 as well as be able to ask any question of me during the open Q and A session. You'll also get updates from Office 365 to help you understand what new with the product and how you can take advantage of it. Join me for this deep dive webinar and I promise, you'll learn something you didn’t know about Office 365 that will save you time and money.

However, as you can see by the above screen shot, when I attempted to do this recently the Script Editor Web Part was not evident. Strange, I thought.

The above image shows the difference and the Script Editor Web Part being available. What was the difference? Why did it appear in one tenant but not in another?

At first, I thought it had something to do with the licensing for the user I was logged in as. However, it turns out that the issue was that scripting hadn’t been enabled for Team Sites in the SharePoint Admin center.

I have previously detailed how missing Web Galleries are also due to scripting not being enabled. My previous post on this as well as how to enable scripting with SharePoint Online is here:

So it turns out that disabled scripting in SharePoint Online also disables some web parts (the Script Editor Web Part being one). Therefore, it is probably good practice to always ensure that scripting is enable in the SharePoint Admin Center before you start building your Team Site.

By attending you’ll get the latest Cloud news plus a deep dive into an Office 365 topic as well as open Questions and Answers where you can ask any question you like.

This months deep dive will focus on Yammer. What is is? How can it be used to collaborate? And how can it be used effectively inside a business of any size? I’ll show you and share some best practices, along with some tips and tricks.

Of course if you have specific questions on Yammer or Office 365 you’d like answered don’t hesitate to send them to me (director@ciaosp.com) and I’ll do my best to make sure they get answered.

One of the missing pieces when it came to working with Azure in Office 365 was the ability to manage Azure Active Directory. Previously, this all had to be done via the older “classic” or Service Manager Portal, such as:

Saturday, September 10, 2016

This is the second article in a series of typical customers questions around Office 365. These questions were part of presentation I did with two other resellers at the Australian Microsoft Partner Conference in 2016. You’ll find the first part of the series here:

Customer Question - There is a lot of talk about online privacy and governments spying on data. Although my business doesn't have anything to hide how does Office 365 keep my data private and secure from unwanted 'prying eyes'? I also have a legal responsibility to ensure my clients data remains secure and private. Can this be achieved with Office 365 to ensure I am compliant with any legislation?

In Australia, if you run up an Office 365 tenant today the data will be located in the Australian data centers. An administrator can easily see where their Office 365 data is located using this process:

The E5 license provides functionality known as ‘Customer Lockbox’. This allows the customer to control who accesses their data by basically have requests for access come directly to the customer. I have written an article about this here:

Information saved in Office 365 is also encrypted at rest as detailed in this video:

Depending on the Office 365 license you have (typically E3 or above) you can enable and configure additional security measures to keep your data safe. One of these is Data Loss Prevention or DLP and I have previous detailed how to set this up for SharePoint:

Office 365 also includes the ability to enable multi factor authentication. This means that not only do you need a login and password but you’ll also need something like a unique code sent via text message to login. You can read more about this here:

I’ve also previously covered how Office 365 includes basic Mobile Device Management (MDM) that allows you to protect which mobile devices connect to your environment as well as allowing you to set policies to ensure they are secure. You can read more about how to set that up here:

These plans also allow you to use advanced eDiscovery to search across all the data sources inside Office 365 for information that matches your pre-defined query. Here is an article I have written about eDiscovery with SharePoint Online:

As I have written about previously, many users of E3 licenses and above don’t appreciate that they have the ability to use Rights Management to protect their documents no matter where they are located. My article explaining all this is here:

As I have said before, the security features of Office 365 are one of the real differentiation points when it comes to online services. There are lots and lots more features I could dig into here but I’ll point you to a presentation I gave a while back on Office 365 security which is a good overall summary of what’s available:

You can rest assured that Microsoft takes security very seriously and as such, has many features available across all plans to ensure your data remains private and secure. You can increase that security by using the Enterprise Plans such as E3 and above to enable even more security. For what these advanced plans provide, their cost is cheap. Really cheap. So if you haven’t considered what additional security plans like E3 include then I’d strongly encourage you to check out the features.

Watch out for the answers to more common questions with Office 365 coming soon.

Thursday, September 8, 2016

I was recently lucky enough to present at the Australian Partner Conference 2016 with Microsoft and two other resellers. The focus of our presentation was around how to answer common user questions with Office 365 and the features that it includes.

What I thought I’d do is share these questions and answers over a few blog posts. So here is part one.

Customer question - I know a lot of businesses that are getting hit by this crypto locker malware where their documents are being encrypted and there are being asked to pay a ransom. I am really worried that one of my employees may inadvertently open an infected file and we'd be in the same boat as we get lots and lots of attachments every day. How can Office 365 protect me against that?

Office 365 already includes advanced malware protection in email by default. With the E5 license you also get:

as well which includes the ability to open suspect attachments in a sandboxed environment to determine what happens and take the appropriate action. More details of these features can be found in this video:

By default, every time a document is updated in SharePoint Team Sites or OneDrive for Business the previous version is saved. Thus, if a file does become encrypted it can be quickly rolled back to a previous version.

At the moment, if multiple files do become encrypted and uploaded there is no single command sequence that would allow you roll back multiple files. Unfortunately, rolling back to a previous version has to be done one file at a time. However, as I understand it, Microsoft is working on a process to roll back multiple files via a single command. I also believe it is possible to do this using advanced scripting (aka PowerShell).

Exchange Online also allows you to create rules to automatically exclude certain attachments and quarantine them before they are delivered to end users. A good reference is:

You can also use a third party mail cleansing service, such as Mailguard, in front of Exchange Online.

Of course, the best best protection that you can have is informed and paranoid users. Part of any security policy for a business needs to be education not abdication of this to technology. Technology is not 100% reliable, there is always the chance of some attack slipping through the protective technology security net that is erected around the business. On the odd occasion that this should transpire if it greeted with informed and paranoid users then the chance of the payload being delivered, and the business being interrupted, is much lower. You know, an ounce of prevention and all that.

Office 365 provides some excellent protection by default. The premium Office 365 licenses provide better protection. Appropriate configuration and user education provide even more protection. Finally, there is always the option to integrate third party solutions.

Wednesday, September 7, 2016

The reason that I attend many events these days is simply because of the networking opportunity. People buy from people, not from websites, not from brochures, etc. They buy from people they know. This means it is critical to actually go out, show your face and connect with people one on one. Nothing drives opportunity faster than meeting with people in my experience.

So why, if meeting people is so beneficial do so many overlook the most basic thing you can do when you meet people at networking events?

It never ceases to amaze me how many people you meet who have some excuse for not having a business card they can give you. For me, part of the discipline of getting ready for a networking event is to ensure I have a wad of business cards in my top pocket every time. Typically, as soon as I meet someone at an event, they get a business card from my top pocket, automatically.

Your business cards do you no good sitting in a holder on your desk or locked away somewhere! The challenge you should set yourself at any networking event is to aim to give away ALL your business cards. That is the only acceptable excuse for not having cards in my books. Then bring more next time and give those all away.

If I don’t get a business card from a new contact, especially if they say they don’t have any on them, the chances of my doing business with them drops dramatically. Firstly, how do I contact or even remember them? Secondly, it tells me that aren’t organised, not really serious about making contact and you know what? Don’t really care about making it easy for me to work with them.

So, whatever system you need to develop, make sure that before you enter ANY networking event you have a wad of business cards you can give to everyone you meet. Doing so will increase your business I guarantee! Success is a system not a random sequence of events.

Tuesday, September 6, 2016

If you are NOT an IT reseller who makes money from being the ‘Partner of Record (POR)’ then you can safely ignore this article. However, if you are indeed a Microsoft partner who generates an important amount of income to your business from being an Online Services Advisor (OSA) then you should read on because you might get a bit of a shock.

I have always discouraged resellers from placing too much focus on the rebates they received from Microsoft from just selling Office 365. The main reason is that it takes away the focus from the new model of adding value to the old model of just reselling. As I forecast, now that Office 365 is gaining wider adoption the emphasis is shifting from actually selling Office 365 to implementing it. This also means that incentives are also shifting in that direction.

There are going to be major changes to the O365 Online Service Advisor (OSA) commissions model after 1 Oct 2016. In summary (from what I can determine), the major points are:

2. Commissions will be based on product usage not licence count. The incentive is calculated based on Online Services Usage Rate Card value of eligible Office 365, EMS, Microsoft Intune and other SKUs. The commission rate will be 10%.

3. Sell only commissions will drop to 3% until 1st July 2017 on existing managed tenants acquired prior to 1 Oct 2016. After 30th June 2017 no more manage only commissions will be paid on any tenant.

4. Sell only commissions will be 0% for all tenants acquired after 1 Oct 2016.

If you are not on CSP already you really need to make the shift along with your customer licenses! However, you should be really focusing on providing services that add value to the Office 365 product and any revenue derived from actually selling licenses is simply ‘nice to have’.

You’ll be asked to provide Secure Score permissions to your tenant as you see above. Simply select Accept to continue.

Your tenant will then be assesses and rated as you can see above (in this case on a demo tenant).

This site not only gives you a security rating for your own tenant but it also provides you with an Action list which you can undertake to make your tenant more secure.

As you slide the bar in the middle of the page you see your security score increase. However, when you do this, you also see the Actions in the queue increase. Basically, to make your tenant more secure you have to take more actions. Obvious!

You can drill into an Action item to get more details and you see above.

If you select the Learn More button you get an informational card appear on the right with a Launch Now link to take you straight to the location to make the change.

The most interesting item on this page is over on the right, under the Compare your score as shown above.

What I find interesting is that this demo E5 tenant, more or less out of the box, is over 4 times more secure than the average! Not sure how this average is arrived at, and maybe it currently doesn’t include every tenant, but WOW do a lot of people have a lot of work to do to secure their tenant!

You’ll find plenty of other great information on this page as well as ability to view your score over time, so it is worth spending time to explore.

In short, this is great tool from Microsoft. It is simple to use and understand as well as making improving your Office 365 security dead easy! If you have Office 365 then I’d suggest you go and check out your security score. After visiting, I reckon you’d be pretty much at least double your score following the recommendations the site makes.

A surprising statistics is that most SMB resellers merely provide email migrations services to Office 365. Few provide anything when it comes to SharePoint, Yammer, Skype for Business, Power Bi and so on. This does create an real opportunity for those partners who build offerings around all the additional products and features of Office 365.

To help partners get up to speed with the full range of Office 365 Services I developed and run two very unique training sessions. These session are part hands on lab, part lecture and part team building, goal setting and business development. The focus is give you experience in real world environments with Office 365 environments while competing in groups to be crowned ‘top dog’ for the day! This is truly the most unique Office 365 training you’ll find out and a guaranteed way to get partners started down the additional revenue opportunities with Office 365.

Best of all, Microsoft is offering this all day training FREE to partners who register now. Places are strictly limited as classes are kept intentionally small.

There are two courses available, a ‘basic (START)’ and an ‘advanced (GROW)’. The next ‘basic (START)’ course you can register for is here:

A special episode with a true technology superstar. Jeffrey Snover, Microsoft Technical Fellow/Lead Architect for Enterprise Group, Azure Stack and PowerShell Architect joins us to talk about Microsoft Operations Management Suite (OMS) and of course, all about his baby, PowerShell. Jeff shares some really great insights into the birth of PowerShell and why scripting is so valuable is today's modern IT environment. Of course you'll also get a cloud news update from Marc and I as well as a special report about upcoming changes to the Microsoft reseller initiatives around Office 365. It's a bumper episode packed with content. So listen along, give us some feedback and listen to wisdom the father of PowerShell.

Saturday, September 3, 2016

A very common thing people want to is share document from their own OneDrive for Business with others. You can break this down into sharing with two different audiences, internal and external.

Internal users are users inside the same Office 365 tenant. While external users are those outside the users Office 365 tenant. The above video shows you how to share documents from a user’s OneDrive for Business with internal users. Look out for another video coming soon that details the process of sharing with external users.

This tutorial shows you how to share files with other users in your Office 365 tenant. You'll see how to share a file, respond to an invite and co-author a document. You'll also see how to quickly locate files that others have given you access to from their own OneDrive.

Friday, September 2, 2016

DLP or Data Loss Prevention is a way inside Office 365 (E3 suites or above) that you can protect data from leaving the organisation. You can use DLP to protect not only email attachments but also files in SharePoint Online Team Sites and user’s OneDrive for Business.

Office 365 provides a number of standard templates for protecting standard information, such as credit card information as detailed here, but you can also customise the DLP policies to protect any custom data you wish.

The first step in using DLP is to set up and enforce the policies you wish to use. To do this you’ll need to login to the Office 365 portal as an administrator with the appropriate rights. You’ll then need to navigate to the tenant Admin area. From the menu on the left hand side of the screen expand the Admin centers option. From the options that appear select the Security & Compliance item.

From the Security and Compliance console select Security policies on the left. From the options that then appear below this select Data loss prevention. If this menu item doesn’t appear then you current don’t have an Office 365 plan that supports DLP.

On the right hand side you will probably see that the list is empty. Select the Plus icon to create a new policy.

You can select from a number of templated policies if you wish but in this case select Custom and then the Next button.

You now need to select the areas in which this policy will apply. You can specify unique locations but for this example we’ll simply select all locations and then continue.

At the next screen select the Plus icon to set the rules for which you wish to test.

In the new window that appears select the Add condition button.

From the pull down menu that appears select Content containing sensitive information.

Select the Plus icon that appears to enter the actual rules.

Scroll down the list that appears and select Credit Card Number. You can select other items here but in this case all we want this example DLP rule to test for is credit card numbers.

Select OK to continue.

You should now see the entry appear in the list as shown above. You can edit this entry if you wish by selecting it and then pressing the Pencil icon (edit).

Select the Actions item from the menu on the left.

Select the Add actions button on the right.

In this example, select Block the content. This will prevent anything that matches this rule from being shared.

You should now see the blocking Action listed as shown above.

Select the Incident report option from the menu on the left. Enter the details if you wish to receive a report of any actions on this policy.

Select General from the menu on the left. Give this set of rules a name and save them.

You should now see the rules listing appear as shown above in the DLP policy you just created. You can create as many of these rules inside a single policy as you wish. However, best practice is always to keep it simple.

Give the DLP policy and name and select the option to Turn on the policy.

Select the Create to complete the policy creation process.

You should now see the policy listed in the DLP area as shown above. You should also see that the Status is set to On.

The DLP policy will not come into effect immediately. It will take a little while (15 – 30 minutes typically in my experience) to roll out through your tenant.

To test the policy, create a document in your OneDrive for Business that contains credit card numbers as shown above. The numbers used here are verified public ‘test’ card numbers.

Now create a public View link that requires no sign-in as shown above. This should allow anyone who clicks on that link direct access to the file without the need of a login or password.

When the DLP policy is active anyone trying to access that link will have the content blocked as shown above. This confirms that teh DLP policy is working as expected.

If you also elected to get alerts you should fine one in your inbox as shown above.

Thus, DLP is a way to protect your Office 365 information by examining the contents against a set of rules that you create. It can examine both email and file data then take actions which you determine.

New site collection limit

As more and more teams embrace the breadth of capabilities offered in SharePoint Online grows across team sites, Office 365 Video and portal sites, their content storage requirements are growing. To address this, we will increase the SharePoint Online site collection storage limit in the coming weeks from 1 TB to 25 TB. This increased limit will be immediately reflected in the official SharePoint Online boundaries and limits article.

which also details the continued integration between Office 365 Groups and Team Sites.

This storage increase is BIG news for SharePoint Team Sites and is really great pro-active move by Microsoft as it places more and more focus on SharePoint and Groups in Office 365. It is clear (as well as in my experience) that more and more businesses are moving the the traditional on-premises data to SharePoint. To ease adoption and encourage people to use SharePoint more then the space for Team Sites must increase.

For a long time we were locked into a SharePoint Team Site storage capacity of 10GB. That jumped to 1TB about 6 months about and now we are going to soon see 25TB! All of that increase in space is provided free if you are an Office 365 customer. Again, the benefits of a cloud subscription model.

**** Correction Start ****

If you actually look at the SharePoint Online limits page (as I should have) you see this:

So it appears that you don’t automatically get 25TB of storage you do however get the ability to scale a single Site Collection to 25TB which you couldn’t before.

That said, I can see the day in the not to distant future where certain plans will get 25TB storage starting storage. Clearly, you can’t offer that until the limits are raised as they have done now.

**** Correction End ****

I’m expecting even more ground breaking announcements around Office 365 and Azure very soon as the Microsoft Ignite conference approaches. But for now, if 1TB of Team Site storage felt a little limiting, now you have 25TG. Thanks Microsoft.

The cost is an annual recurring investment of USD $599 and includes access to EVERYTHING, now and into the future. Thus, as I add more courses to the CIAOPS Academy subscribers to the Complete Course Catalogue will automatically get access as part of their subscription.

If you are looking for online, on demand Office 365, Azure, etc training for a single annual cost then sign up to the new CIAOPS Academy Complete Course Catalogue. Of course, you can still buy courses singly or in bundles, just take a look at what’s there.

Normally, it’s me asking the questions but recently I was a guest on Lisa Hendrickson’s podcast – Call that Girl’s Office 365 show. As you can see the show also includes video and is published to YouTube. Yes, I know I really have a face only for a podcast but hey, I was only the guest this time.

Lisa and I talked about SharePoint and collaboration in Office 365 and the struggles people have in coming to grips with the product.

Hopefully, I was able to pass along some helpful information for listeners and encourage anyone with further questions to hit me up via email (director@ciaops.com). I thank Lisa for the opportunity to be on her show and look forward to maybe doing another in the future.

At this stage of the game it appears that not everything has been migrated to the new Office 365 Administration Console. One of the things that is missing is the Customer Lockbox configuration (which is available with the E5 plan).

To get to theold admin center select the button in the top right of the Office 365 Admin center preview screen. Once you have done that, follow my previous article:

When you have enabled Customer Lockbox according to my article, select the orange bar across the top of the Office 365 admin center to revert back to the new Admin center preview that you started out with.

I would assume that the control of Customer Lockbox will eventually make its way into the new Admin portal but for now you’ll need to go round the long way to configure it.